Are we able to whitelist a subnet of IPs? #98

Closed
shanaver opened this Issue Oct 17, 2014 · 4 comments

shanaver commented Oct 17, 2014

For example, all of CloudFlare's IPs:

How would I create a rule to whitelist all of those?

gsamokovarov commented Oct 18, 2014

You can use IPAddr to represent a subnet. Something like this can work for you:

require 'ipaddr'

# Allow requests whose source address falls inside the subnet.
Rack::Attack.whitelist('allow from 199.27.128.0/21') do |request|
  IPAddr.new('199.27.128.0/21').include? request.ip
end
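
The same idea extended to a list of subnets, as an added example that is not part of the original comment or of the rack-attack project: each CIDR is parsed once at load time and a single rule checks the request IP against all of them. The helper name `allowed_ip?`, the constants and the two documentation ranges are assumptions made for illustration.

```ruby
require 'ipaddr'

# Constructed sample list: the /21 is the range used in the comment above;
# the other two are reserved documentation ranges standing in for the rest
# of a provider's published list.
ALLOWED_CIDRS = %w[
  199.27.128.0/21
  192.0.2.0/24
  2001:db8::/32
].freeze

# Parse every CIDR once at load time instead of allocating a new IPAddr
# object on each request.
ALLOWED_NETWORKS = ALLOWED_CIDRS.map { |cidr| IPAddr.new(cidr) }.freeze

# Hypothetical helper: true when ip_string lies inside any allowed network.
# Works for IPv4 and IPv6; anything that does not parse is rejected.
def allowed_ip?(ip_string)
  ip = IPAddr.new(ip_string.to_s)
  ALLOWED_NETWORKS.any? { |net| net.include?(ip) }
rescue IPAddr::Error
  false # malformed address: never treat it as allowed
end

# Register one rule for the whole list. Guarded so the file also loads
# (and can be unit-tested) without the rack-attack gem present.
if defined?(Rack::Attack)
  Rack::Attack.whitelist('allow from trusted subnets') do |request|
    allowed_ip?(request.ip)
  end
end
```

Keeping the list in one constant means an updated set of published ranges only has to be changed in one place.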

ktheory commented Oct 18, 2014

@shanaver: I recommend @gsamokovarov's solution above. Cheers.

@ktheory ktheory closed this Oct 18, 2014

bensomers commented Oct 18, 2014

Word to the wise: past versions of IPAddr have had very serious memory leaks - I attempted to use it in a blacklisting tool and it wasn't remotely feasible. Don't know about the current version - I believe that was on an early 1.9.2 release.

shanaver commented Oct 20, 2014

Thanks for the input everyone - perfect.
